
So at this point it's just a normal Ransom. There's no 'wares' doing it. Someone stealing something does not make it ransomware.



But it's not even ransom; "ransom" is the situation where something/someone is held until money is paid and then it's returned.

There is nothing being returned here, since the hospital has not lost access to the data, and the threat is that private data will be published.

This is just blackmail.


What has been lost is the privacy of the data, which can be returned.


No, it can't. It is impossible for the blackmailers to prove that they no longer have a copy of the data.


REvil is ransomware that locks you out but first exfiltrates your data. Then the attackers have 2 points of leverage: lockout, which you may be able to circumvent with a safe backup process, but that won't protect you from the release of your data. This gives the attacker 2 bites at the cherry when trying to convince you to pay.


Stealing would be breaking into their premises and taking the computers. Obtaining data isn't stealing.


> Obtaining data isn't stealing.

What is it then, if you don't have the legal right to the data?


If some law prevents you from having access to some data, then presumably that law has a name for whatever the crime is.

It's not like we need the law to explicitly allow types of access. Anything not explicitly disallowed is allowed without a special name.

"Stealing" happens when the original owner is deprived of the thing.


It's something different from stealing.

Both "hacking" and stealing are illegal in most countries, but they're still completely different actions: one is taking a physical object from someone, the other is sending and receiving electrical pulses through a wire.

You wouldn't call stealing and killing by the same word, either, even though both are illegal.


Infringement

Seriously. Theft requires the property owner be denied their property.

What happened is someone made a copy they were not supposed to.

Textbook infringement.


Since we're discussing word choices and definitions, I'd argue that it's not stealing either if the Hospital retained possession of the data. It might be better said that they "obtained without authorization" or "illegally obtained".

What makes "stealing" particularly bad is that the rightful owner no longer has possession of their property. That's not necessarily the case with data.


This sort of thing is why people need to stop thinking that the digital world is analogous to our analog one.

In digital, information wants to be free and many kinds of resources are effectively unlimited. There is no material scarcity. Therefore, theft, in the digital world, can't be the same as it is in our analog world.

To be fair, this also applies to copyright and people's foolish notion that they can protect data without a great amount of preventing otherwise normal "physiological" processes. (Ironically, rather than having a wake-up moment where people realize their folly, we've institutionalized these resource-scarcity regimes into resource-abundant versions in the digital world.)

To summarize, info wants to be free, and since theft requires extra effort to deprive someone of what you stole, does that definition of theft really apply here? Or does it need to change given the context? And, as a secondary point, people like to think they can protect data but their brains are stuck in our analog, resource-scarce world.



